Added Unit test coverage for Kustomize V3 Iac-provider

go.mod

@@ -24,7 +24,7 @@ require (
 	github.com/zclconf/go-cty v1.2.1
 	go.uber.org/zap v1.13.0
 	golang.org/x/lint v0.0.0-20200302205851-738671d3881b // indirect
-	golang.org/x/tools v0.0.0-20201113202037-1643af1435f3 // indirect
+	golang.org/x/tools v0.0.0-20201121010211-780cb80bd7fb // indirect
 	gopkg.in/src-d/go-git.v4 v4.13.1
 	gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776
 	helm.sh/helm/v3 v3.4.0

go.sum

@@ -1227,6 +1227,8 @@ golang.org/x/tools v0.0.0-20201113164040-559c4acc06b6 h1:LTVgvEdikVZCooj7814/UBp
 golang.org/x/tools v0.0.0-20201113164040-559c4acc06b6/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20201113202037-1643af1435f3 h1:7R7+wzd5VuLvCNyHZ/MG511kkoP/DBEzkbh8qUsFbY8=
 golang.org/x/tools v0.0.0-20201113202037-1643af1435f3/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20201121010211-780cb80bd7fb h1:z5+u0pkAUPUWd3taoTialQ2JAMo4Wo1Z3L25U4ZV9r0=
+golang.org/x/tools v0.0.0-20201121010211-780cb80bd7fb/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

pkg/iac-providers/kustomize/v3/load-dir.go

@@ -94,7 +94,7 @@ func LoadKustomize(basepath, filename string) ([]*utils.IacDocument, error) {
 
 	m, err := k.Run(basepath)
 	if err != nil {
-		return nil, err
+		return nil, errorFromKustomize(err)
 	}
 
 	yaml, err := m.AsYaml()

pkg/iac-providers/kustomize/v3/load-dir_test.go

@@ -0,0 +1,176 @@
+package kustomizev3
+
+import (
+	"errors"
+	"os"
+	"reflect"
+	"syscall"
+	"testing"
+
+	"github.com/accurics/terrascan/pkg/iac-providers/output"
+	"github.com/accurics/terrascan/pkg/utils"
+)
+
+func TestLoadIacDir(t *testing.T) {
+
+	table := []struct {
+		name          string
+		dirPath       string
+		kustomize     KustomizeV3
+		want          output.AllResourceConfigs
+		wantErr       error
+		resourceCount int
+	}{
+		{
+			name:          "invalid dirPath",
+			dirPath:       "not-there",
+			kustomize:     KustomizeV3{},
+			wantErr:       &os.PathError{Err: syscall.ENOENT, Op: "open", Path: "not-there"},
+			resourceCount: 0,
+		},
+		{
+			name:          "simple-deployment",
+			dirPath:       "./testdata/simple-deployment",
+			kustomize:     KustomizeV3{},
+			wantErr:       nil,
+			resourceCount: 4,
+		},
+		{
+			name:          "multibases",
+			dirPath:       "./testdata/multibases/base",
+			kustomize:     KustomizeV3{},
+			wantErr:       nil,
+			resourceCount: 2,
+		},
+		{
+			name:          "multibases",
+			dirPath:       "./testdata/multibases/dev",
+			kustomize:     KustomizeV3{},
+			wantErr:       nil,
+			resourceCount: 2,
+		},
+		{
+			name:          "multibases",
+			dirPath:       "./testdata/multibases/prod",
+			kustomize:     KustomizeV3{},
+			wantErr:       nil,
+			resourceCount: 2,
+		},
+
+		{
+			name:          "multibases",
+			dirPath:       "./testdata/multibases/stage",
+			kustomize:     KustomizeV3{},
+			wantErr:       nil,
+			resourceCount: 2,
+		},
+		{
+			name:          "multibases",
+			dirPath:       "./testdata/multibases",
+			kustomize:     KustomizeV3{},
+			wantErr:       nil,
+			resourceCount: 4,
+		},
+	}
+
+	for _, tt := range table {
+		t.Run(tt.name, func(t *testing.T) {
+			resourceMap, gotErr := tt.kustomize.LoadIacDir(tt.dirPath)
+			if !reflect.DeepEqual(gotErr, tt.wantErr) {
+				t.Errorf("unexpected error; gotErr: '%v', wantErr: '%v'", gotErr, tt.wantErr)
+			}
+
+			resCount := utils.GetResourceCount(resourceMap)
+			if resCount != tt.resourceCount {
+				t.Errorf("resource count (%d) does not match expected (%d)", resCount, tt.resourceCount)
+			}
+		})
+	}
+
+}
+
+func TestLoadKustomize(t *testing.T) {
+	kustomizeYaml := "kustomization.yaml"
+	kustomizeYml := "kustomization.yml"
+
+	table := []struct {
+		name     string
+		basepath string
+		filename string
+		want     output.AllResourceConfigs
+		wantErr  error
+	}{
+		{
+			name:     "simple-deployment",
+			basepath: "./testdata/simple-deployment",
+			filename: kustomizeYaml,
+			wantErr:  nil,
+		},
+		{
+			name:     "multibases",
+			basepath: "./testdata/multibases",
+			filename: kustomizeYaml,
+			wantErr:  nil,
+		},
+		{
+			name:     "multibases/base",
+			basepath: "./testdata/multibases/base",
+			filename: kustomizeYml,
+			wantErr:  nil,
+		},
+		{
+			name:     "multibases/dev",
+			basepath: "./testdata/multibases/dev",
+			filename: kustomizeYaml,
+			wantErr:  nil,
+		},
+		{
+			name:     "multibases/prod",
+			basepath: "./testdata/multibases/prod",
+			filename: kustomizeYaml,
+			wantErr:  nil,
+		},
+		{
+			name:     "multibases/stage",
+			basepath: "./testdata/multibases/stage",
+			filename: kustomizeYaml,
+			wantErr:  nil,
+		},
+		{
+			name:     "multibases/zero-violation-base",
+			basepath: "./testdata/multibases/zero-violation-base",
+			filename: kustomizeYaml,
+			wantErr:  nil,
+		},
+		{
+			name:     "erroneous-pod",
+			basepath: "./testdata/erroneous-pod",
+			filename: kustomizeYaml,
+			wantErr:  errorFromKustomize(errors.New("")),
+		},
+		{
+			name:     "erroneous-deployment",
+			basepath: "./testdata/erroneous-deployment/",
+			filename: kustomizeYaml,
+			wantErr:  errorFromKustomize(errors.New("")),
+		},
+	}
+
+	for _, tt := range table {
+		t.Run(tt.name, func(t *testing.T) {
+			_, gotErr := LoadKustomize(tt.basepath, tt.filename)
+			switch gotErr.(type) {
+			case errorFromKustomize:
+				_, ok := tt.wantErr.(errorFromKustomize)
+				if !ok {
+					t.Errorf("unexpected error; gotErr type : '%T', wantErr type: '%T'", gotErr, tt.wantErr)
+				}
+			default:
+				if !reflect.DeepEqual(gotErr, tt.wantErr) {
+					t.Errorf("unexpected error; gotErr: '%v', wantErr: '%v'", gotErr, tt.wantErr)
+				}
+			}
+
+		})
+	}
+}

pkg/iac-providers/kustomize/v3/load-file_test.go

@@ -0,0 +1,38 @@
+package kustomizev3
+
+import (
+	"reflect"
+	"testing"
+
+	"github.com/accurics/terrascan/pkg/iac-providers/output"
+)
+
+func TestLoadIacFile(t *testing.T) {
+
+	table := []struct {
+		name      string
+		filePath  string
+		kustomize KustomizeV3
+		typeOnly  bool
+		want      output.AllResourceConfigs
+		wantErr   error
+	}{
+		{
+			name:      "load iac file is not supported for helm",
+			filePath:  "/dummyfilepath.yaml",
+			kustomize: KustomizeV3{},
+			wantErr:   errLoadIacFileNotSupported,
+		},
+	}
+
+	for _, tt := range table {
+		t.Run(tt.name, func(t *testing.T) {
+			_, gotErr := tt.kustomize.LoadIacFile(tt.filePath)
+			if !reflect.DeepEqual(gotErr, tt.wantErr) {
+				t.Errorf("unexpected error; gotErr: '%v', wantErr: '%v'", gotErr, tt.wantErr)
+			} else if tt.typeOnly && (reflect.TypeOf(gotErr)) != reflect.TypeOf(tt.wantErr) {
+				t.Errorf("unexpected error; gotErr: '%v', wantErr: '%v'", reflect.TypeOf(gotErr), reflect.TypeOf(tt.wantErr))
+			}
+		})
+	}
+}

pkg/iac-providers/kustomize/v3/testdata/erroneous-deployment/deployment.yaml

@@ -0,0 +1,16 @@
+apiVersion: apps/v1beta1
+kind: Deployment
+metadata:
+  labels:
+    app: myapp
+    test: someupdate
+    test2: someupdate3
+spec:
+  template:
+    spec:
+      containers:
+      - name: myapp-container2
+        image: busybox
+        command: ['sh', '-c', 'echo Hello Kubernetes! && sleep 3600']
+        securityContext:
+          allowPrivilegeEscalation: true

pkg/iac-providers/kustomize/v3/testdata/erroneous-deployment/kustomization.yaml

@@ -0,0 +1,5 @@
+commonLabels:
+  app: hello
+
+resources:
+- deployment.yaml

pkg/iac-providers/kustomize/v3/testdata/erroneous-pod/kustomization.yaml

@@ -0,0 +1,5 @@
+commonLabels:
+  app: hello
+
+resources:
+- pod.yaml

pkg/iac-providers/kustomize/v3/testdata/erroneous-pod/pod.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+metadata:
+  name: myapp-pod
+  labels:
+    app: myapp
+    test: someupdate
+    test2: someupdate3
+spec:
+  containers:
+  - name: myapp-container
+    image: busybox
+    command: ['sh', '-c', 'echo Hello Kubernetes! && sleep 3600']
+    securityContext:
+      allowPrivilegeEscalation: true

pkg/iac-providers/kustomize/v3/testdata/multibases/zero-violation-base/kustomization.yaml

@@ -0,0 +1,2 @@
+resources:
+- pod.yaml

pkg/iac-providers/kustomize/v3/testdata/multibases/zero-violation-base/pod.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: myapp-pod
+  namespace: sample-ns
+  labels:
+    app: myapp
+spec:
+  containers:
+  - name: nginx
+    image: nginx:1.7.9
+    resources:
+      requests:
+        memory: "64Mi"
+        cpu: "250m"
+      limits:
+        memory: "128Mi"
+        cpu: "500m"

pkg/iac-providers/kustomize/v3/types.go

@@ -14,6 +14,8 @@ const (
 	KustomizeFileName = "kustomization"
 )
 
+type errorFromKustomize error
+
 // KustomizeFileNames returns the valid extensions for k8s (yaml, yml, json)
 func KustomizeFileNames() []string {
 	return []string{

pkg/utils/resource.go

@@ -49,3 +49,15 @@ func FindResourceByID(resourceID string, normalizedResources *output.AllResource
 
 	return &resource, nil
 }
+
+// GetResourceCount gives out the total number of resources present in a output.ResourceConfig object.
+// Since the ResourceConfig mapping stores resources in lists which can be located resourceMapping[Type],
+// `len(resourceMapping)` does not give the count of the resources but only gives out the total number of
+// the type of resources inside the object.
+func GetResourceCount(resourceMapping map[string][]output.ResourceConfig) (count int) {
+	count = 0
+	for _, list := range resourceMapping {
+		count = count + len(list)
+	}
+	return
+}